
Sports look to strengthen their online defences
Blocked turnstiles, hacked transfer deals and fraudulent kit sales are among the cyber incidents against the sports sector, according to the UK's National Cyber Security Centre (NCSC). The sports industry is shown to be a high-value target, with at least 70 per cent of institutions suffering a cyber incident every 12 months, more than double the average for UK businesses.
All sporting organisations and clubs are being urged to strengthen security after the NCSC’s ‘The Cyber Threat to Sports Organisations’ report revealed that the email of a Premier League club’s managing director was hacked during a transfer negotiation, which led to hackers almost intercepting and stealing £1 million. The attempt failed only because the club’s bank intervened before the transaction went through.
The report also stated that 70 per cent of major UK sports clubs and organisations are hit with at least one cyber-attack every year, which is double the rate for other businesses in the UK. Around 30 per cent of these incidents result in financial damage, averaging £10,000 per attack; the largest loss from a cyber-attack reached up to £4 million.
The NCSC has highlighted in the report three common methods that criminals use to attack organisations: business email compromise (BEC), cyber-enabled fraud, and ransomware, which can take control of and shut down stadium security and accessibility. It also mentioned that approximately 40 per cent of these attacks use malware, of which a quarter are ransomware.
One incident covered in the report involved a Football League club suffering a ransomware attack which prevented the turnstiles and CCTV from working; this almost resulted in the match being postponed.
The report added that a member of staff at a UK racecourse was a victim of fraud, losing £15,000 when they used a fake version of eBay as they attempted to buy groundskeeping equipment.
Paul Chichester, Director of Operations at the NCSC, said: “Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar.
“While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cyber criminals cashing in on this industry is very real.
“I would urge sporting bodies to use this time to look at where they can improve their cyber security – doing so now will help protect them and millions of fans from the consequences of cybercrime.”
Sir Hugh Robertson, Chair of the British Olympic Association, said in the report: “Improving cyber security across the sports sector is critical. The British Olympic Association sees this report as a crucial first step, helping sports organisations to better understand the threat and highlighting practical steps that organisations should take to improve cyber security practices.”
Tony Sutton, Chief Operating Officer at Rugby Football League, said: “The issue of cyber security is one all sports, including Rugby League, take seriously. As we grow our digital capabilities and online platforms, protecting the governing body, our members, customers and stakeholders is paramount.
“We welcome the NCSC Report and the guidance it offers the sports sector.”
Digital and Sport Secretary, Oliver Dowden, said: “Cyber security should be everyone’s game, but elite sport is clearly an attractive target for cyber criminals.
“Sports bodies should listen carefully to this warning by the NCSC and take steps to improve their cyber security before it is too late. Simple steps taken today can save millions of pounds of losses tomorrow.”
The cyber incidents highlighted in the report include:
• During a transfer negotiation with an overseas football team the email address of the managing director of a Premier League club was hacked by cyber criminals. Only a late intervention from the bank prevented the club losing almost £1 million.
• An employee at an organisation which holds athlete performance data had their email address compromised, allowing the hackers access to sensitive information over several months.
• An English Football League (EFL) club suffered a significant ransomware attack which crippled their corporate and security systems. As a result of the attack the CCTV and turnstiles at the ground were unable to operate, almost leading to a fixture cancellation.
• A member of staff at a UK racecourse identified an item of grounds keeping equipment for sale on eBay, and agreed to a price of £15,000. The sale turned out to be fraudulent – a spoofed version of eBay had been created and the staff member was unable to recover the funds.
In the report, the NCSC has identified three common tactics used by criminals to assault the sector on a daily basis, which are: business email compromise (BEC), cyber-enabled fraud, and ransomware being used to shut down critical event systems and stadiums.
Amongst the findings – which have been published on the NCSC website – were:
• Approximately 30 per cent of incidents caused direct financial damage, averaging £10,000 each time; the biggest single loss was over £4 million
• Over 70% of those surveyed have experienced one cyber incident or breach in the past year – 30 per cent have recorded over 5 incidents during the same period
• Over 80 per cent have online business systems – such as ticketing – which process thousands of financial transactions
• Approximately 40 per cent of attacks on sports organisations involved malware. A quarter of these involved ransomware.
The report comes after the NCSC recently advised sports fans how to watch behind-closed-doors games online safely, now that matchday tickets have been swapped for TV subscriptions.